x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

Application Security Weekly (Audio)

Security Weekly Productions

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

technology tech news

All Episodes

01:17:13

What's the Deal with API Security? - Sandy Carielli -...

Application Security Weekly (Audio) ·

2023/06/06

Walking the show floor at RSA Conference, you couldn't trip without falling into an application security vendor booth ... and API security specialists were especially plentiful. Join Forrester Principal Analyst Sandy Carielli for her thoughts on RSA Conference and a deep dive into the challenges of API security. Segment Resources: - https://www.forrester.com/blogs/insights-from-the-2023-rsa-conference-generative-ai-quantum-and-innovation-sandbox/ OWASP has a draft for the LLM Top 10, simple vulns

en

35:46

Doing Application Security Right – Farshad Abasi –...

Application Security Weekly (Audio) ·

2023/05/30

Check out this interview from the ASW VAULT, hand picked by main host Mike Shema! This segment was originally published on March 14, 2022. Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing menu of offering without understanding the domain, and their team of professionals have little or no experience

en

01:16:36

Ten Things I Hate About Lists - ASW #242

Application Security Weekly (Audio) ·

2023/05/23

The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it still the right model for modern appsec awareness? What if we put that attention and effort elsewhere? Maybe we could have secure defaults instead. Or linters and build tools that point out these flaws. We'll talk about top 10 lists, what we like about them, what we don't like, and what we'd like to see

en

01:07:38

Securing the App Lifecycle: Strategies for Long-Term...

Application Security Weekly (Audio) ·

2023/05/16

What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams need strategies and processes to keep software secure for as long as possible. Segment Resources: https://www.veracode.com/state-of-software-security-report Learn how hackers are exploiting the trust that mobile app owners place in their customers

en

01:10:35

From Security Theater to Resilience: Unveiling New...

Application Security Weekly (Audio) ·

2023/05/09

What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more. Segment Resources: Book -- https://securitychaoseng.com Blog -- https://kellyshortridge.com/blog/posts/ In the ever-evolving world of cybersecurity, attackers are constantly finding new ways to infiltrate your software supply chains. But with GitGuardian's Honeytoken, you

en

01:20:42

Navigating the Complexities of Application Security:...

Application Security Weekly (Audio) ·

2023/05/02

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity needs a new approach and guidance. Vulnerability management framework and mature defect management is often overlooked as organizations tend to identify issues and stop there. The devil is usually in the details and time gets burned down in identifying

en

01:20:12

Hackers and Policy: Empowering Users and Shaping...

Application Security Weekly (Audio) ·

2023/04/25

Jeff Moss shares some of history of DEF CON, from CFPs to Codes of Conduct, and what makes it a hacker conference. We also discuss the role of hackers and researchers in representing users within policy discussions. Segment links https://defcon.org https://forum.defcon.org https://media.defcon.org https://defcon.social/about Microsoft turns to a weather-based taxonomy, k8s shares a security audit, a GhostToken that can't be exorcised from Google accounts, BrokenSesame RCE, typos and security,

en

01:10:44

Bug Bounty Programs and Community Building: Unveiling...

Application Security Weekly (Audio) ·

2023/04/18

We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. A new deps.dev API for supply chain enthusiasts, hacking and modding agricultural devices, guidance from CISA on secure by design (and by default!), Glaze brings adversarial art to AI training, key transparency for WhatsApp, a new appsec myth(?), Android hacking tool list, and a Chrome extension to find web debugging behavior. Visit

en

01:11:10

Application Security in the Cloud: Safeguarding Data...

Application Security Weekly (Audio) ·

2023/04/11

Application security in the cloud is a crucial aspect of protecting data and preventing unauthorized access to applications hosted on cloud platforms. As cloud computing becomes more prevalent, ensuring the security of applications has become a top priority for organizations. This is because cloud environments present unique security challenges, such as shared resources, multi-tenancy, and a lack of physical control. Therefore, it is essential to implement security measures that are specific to

en

01:11:50

eBPF: The Future of Security and Infrastructure Tools...

Application Security Weekly (Audio) ·

2023/04/04

Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.

en

01:14:53

AI in Production: Unveiling Use Cases, Security...

Application Security Weekly (Audio) ·

2023/03/28

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti’s CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a

en

01:17:28

The Power of Static Analysis: Strengthening...

Application Security Weekly (Audio) ·

2023/03/21

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting real issues at development-time. Segment Resources: https://typescript-eslint.io https://eslint.org https://blog.joshuakgoldberg.com Outlook can leak

en

01:26:21

ASW #232 - Josh Grossman

Application Security Weekly (Audio) ·

2023/03/14

In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this “in the wild”. Segment Resources: Josh's personal website, https://joshcgrossman.com

en

01:20:29

ASW #231 - Neatsun Ziv

Application Security Weekly (Audio) ·

2023/03/07

In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the first and only open framework for understanding and evaluating existing threats to entire software supply chain security. Segment Resources: https://pbom.dev/ -https://github.com/pbomdev/ OSCAR WebSocket hijack that leads to a full workspace takeover in a

en

01:11:27

ASW #230 - Lina Lau

Application Security Weekly (Audio) ·

2023/02/28

Join us for this segment with Lina Lau to learn lessons from real incident response engagements covering types of attacks leveraged against the cloud, war stories from supply chain breaches seen in the last 1-2 years, and how defenders and enterprises can better protect and proactively defend against these attacks. Segment Resources: Attacking and Defending the Cloud (Training) https://training.xintra.org/ Blackhat Singapore 2023 Training ADVANCED APT THREAT HUNTING & INCIDENT RESPONSE (VIRTUAL)

en

33:27

Throwback Episode - ASW #178

Application Security Weekly (Audio) ·

2023/02/21

It's another holiday week, so enjoy this episode from our archives! What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some significant wins -- and they need a partnership with DevOps teams in order to do this successfully. Log4j has more updates and more vulns (but probably not

en

01:21:27

ASW #229 - Nick Selby

Application Security Weekly (Audio) ·

2023/02/14

Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you start with an accurate threat model? Nick can discuss how to approach this and create a model that's useful to security and developers alike. Segment

en

01:19:28

ASW #228 - Adrian Sanabria

Application Security Weekly (Audio) ·

2023/02/07

Most of the myths and lies in InfoSec take hold because they seem correct or sound logical. Similar cognitive biases make it possible for even the most preposterous conspiracy theories to become commonly accepted in some groups. This is a talk about the importance of critical thinking and checking sources in InfoSec. Our industry is relatively new and constantly changing. Too often, we operate more off faith and hope than fact or results. Exhausted and overworked defenders often don't have the time

en

01:12:28

ASW #227 - Dr. David Movshovitz

Application Security Weekly (Audio) ·

2023/01/31

A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool We talk with Dr. David Movshovitz about There Is No Average Behavior! Segment Resources: White paper: https://www.reveal.security/lp/white-paper/ Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook:

en

01:17:51

ASW #226 - Marudhamaran Gunasekaran

Application Security Weekly (Audio) ·

2023/01/24

Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code. But what do we mean by secure code? What should secure code training look like? Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook:

en

387 results

Similar Podcasts

Lead With AI

Tamara Nall

Linux in the Ham Shack

Black Sparrow Media

Data Engineering Podcast

Tobias Macey

Eye On A.I.

Craig S. Smith

Reflections

Livewire Labs